
		13) UUCICO core dumps on unwritable A.* files

From: teklabs!ucbvax!mhtsa!alice!physics!gill
Date: Tue Jul 13 21:30:29 1982
Subject: Two bug fixes to uucico (and some 4.1 commentary)
Newsgroups: net.unix-wizards
References: anlwrk.c,anlwrk(),conn.c,dialup()

	A bug in anlwrk.c causes uucp to core dump after a perfect
login and startup. This happens when there is an unwritable A.xxx file in the
spool directory. Trouble is, anlwrk() in anlwrk.c doesn't check the
stream it gets from fopen against NULL before trying to do an fprintf
of the command lines completed count onto the file.

	afp = fopen(afile, "w");
	fprintf (afp, "%d", acount);
	fclose(afp);

should be changed to

	if ((afp = fopen(afile, "w")) != NULL)
	{
		fprintf (afp, "%d", acount);
		fclose(afp);
	}

The A.xxx file was owned by root on our system (somehow) and mode
0644, due to WFMASK (in uucp.h) being 0133.

The core files landed in /usr/spool/uucp, but were of zero length.
This was an extreme pain in the ass, as the symptom only showed
up when uucico was run from an ordinary uid with the setuid bit
on. The "no core files for setuid programs" restriction in the 4.1
kernel should happen before the if (ip == NULL) ... mknode(0666),
not after. A better idea is to escape this test if the core file did not exist
before and the link count is still one. Anything but the misleading
documentation (only found in sig.c) stating that core dumps can in fact
happen to setuid programs.
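Added example, not code from the post or from the uucp sources: the anlwrk() write with the fopen() result checked, written as a function that reports failure instead of handing NULL to fprintf(), plus the WFMASK arithmetic behind the 0644 mode. The WFMASK value is the one the post quotes; the function names and the read-back helper are assumptions of mine.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Stand-in for uucp.h's WFMASK, using the value the post quotes (0133). */
#define WFMASK 0133

/* Mode a work file gets when created 0666 under WFMASK: 0666 & ~0133 = 0644. */
int workfile_mode(int create_mode, int mask) { return create_mode & ~mask; }

/* Checked version of the anlwrk() write: 0 on success, -1 on failure with
 * errno set. The unpatched code passed a NULL from fopen() to fprintf(). */
int write_acount(const char *afile, int acount)
{
    FILE *afp = fopen(afile, "w");
    if (afp == NULL)
        return -1;          /* unwritable A.* file: report, don't crash */
    if (fprintf(afp, "%d", acount) < 0) {
        int saved = errno;
        fclose(afp);
        errno = saved;
        return -1;
    }
    return fclose(afp) == 0 ? 0 : -1;
}

/* Read the count back; -1 if the file cannot be opened or parsed. */
int read_acount(const char *afile)
{
    FILE *afp = fopen(afile, "r");
    int acount = -1;
    if (afp == NULL)
        return -1;
    if (fscanf(afp, "%d", &acount) != 1)
        acount = -1;
    fclose(afp);
    return acount;
}

int main(void)
{
    /* Constructed path standing in for the root-owned 0644 A.xxx file. */
    if (write_acount("/nonexistent-spool/A.demo", 3) < 0)
        printf("write refused: %s\n", strerror(errno));
    printf("A.* mode under WFMASK 0%o: 0%o\n", WFMASK, workfile_mode(0666, WFMASK));
    return 0;
}
```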

